
LiteLLM Supply Chain Compromise | Episode 47
From AI Security Ops by Black Hills Information Security
April 13, 2026 · 20 min · Episode 47
About this episode
The episode discusses the LiteLLM supply chain compromise and its implications for AI security.
In this episode of BHIS Presents: AI Security Ops, the team breaks down the LiteLLM supply chain compromise–a real-world attack that shows how AI systems are being breached through the same old software supply chain weaknesses. What initially looked like a bad release quickly escalated into a full-scale compromise affecting a library downloaded millions of times per day. But LiteLLM wasn’t the starting point–it was just one link in a much larger attack chain involving compromised security tools, CI/CD pipelines, and stolen publishing credentials. The result? Malicious packages distributed at scale, harvesting secrets, enabling lateral movement, and establishing persistence across affected systems. We dig into: • What LiteLLM is and why it’s such a high-value target • How the attack chain started with compromised security tooling (Trivy, Checkmarx) • How unpinned dependencies enabled the compromise • The role of CI/CD pipelines in exposing sensitive credentials • What the malicious LiteLLM packages actually did (credential harvesting, persistence, lateral movement) • The scale of impact given LiteLLM’s widespread adoption • Why supply chain attacks are no longer theoretical–and no…
People in this episode
Host: Black Hills Information Security
Topics covered
- supply chain compromise
- AI security
- malicious packages
- CI/CD pipelines
- credential harvesting
- infrastructure failure
Keywords
- LiteLLM
- supply chain attack
- AI systems
- security tools
- CI/CD
- credential harvesting
- malicious packages
- infrastructure failure
Mentioned in this episode
Organizations: Trivy, Checkmarx
Products: LiteLLM
More episodes of AI Security Ops
- AI Cost Saving Tips | Episode 55 · June 4, 2026 · 30 min
- Is It the Model or the Harness? | Episode 54 · June 1, 2026 · 20 min
- AI News | Episode 53 · May 22, 2026 · 29 min
- Agent Pentest Benchmarking | Episode 52 · May 14, 2026 · 18 min
- AI and Bug Bounties | Episode 51 · May 11, 2026 · 14 min
- Vercel Breach | Episode 50 · May 1, 2026 · 18 min
Explore listener stats, chart rankings, contacts and more on the AI Security Ops podcast page.